How can I overwrite Burp's default scanner options?

Prateek |
Last updated: May 19, 2020 01:28AM UTC

Hi, when I select "Actively scan this host" for a host in the site map, it automatically uses Burp's default scanner options. I am wondering how I can select my own customized options, or if I can overwrite Burp's default options.

Ben, PortSwigger Agent |
Last updated: May 19, 2020 10:30AM UTC

Hi Prateek,
If you perform an Active Scan on a host it will create a new Active Scans task in the Dashboard of Burp that uses the default scan configuration. You can then pause this task, click on the Settings icon and then change the scan configuration settings as you would for a normal scan.
Any further active scans that are initiated will be added to the existing task and will then adhere to the current scan configuration in place (unless you delete the task or start a new project).

Prateek |
Last updated: May 19, 2020 03:47PM UTC

Is there a way to do this programmatically? Is there any extender API that can be implemented for this?

Ben, PortSwigger Agent |
Last updated: May 20, 2020 01:18PM UTC

Hi Prateek,
Are you wanting to initiate a scan of a site, and use a custom scan configuration, or are you wanting to perform an active scan of a site that you have already mapped out and which is located in the Site maps?

Prateek |
Last updated: May 20, 2020 03:13PM UTC

I want to perform active and passive scans of a site that is located in Site maps with my customized configurations.

Ben, PortSwigger Agent |
Last updated: May 21, 2020 01:44PM UTC

It is possible to change the settings used by the active and passive scans in the UI, but you would be changing them for each particular task rather than changing any default settings.
Could you tell us more about your end-to-end workflow and the steps you would like to take to perform the crawl and audit of your site, please?
I can see one of your colleagues has already contacted us via email, so if this is already being covered in that case, it may be best to continue this via the emails so that we can share more detailed information directly rather than on a public forum.